Access Management for Apache Spark OLAC
Introduction
Privacera offers a robust access control solution for Apache Spark, empowering users to define and enforce Object-Level Access Control (OLAC) specifically for Spark. For a visual overview of how Apache Spark integrates with Privacera, refer to the Apache Spark Access Control document.
Connector Details
Topics | Details |
Integration methodology | Apache Ranger Plugin |
Access Tools | pyspark, spark-shell, spark-sql, spark-submit |
Supported User Identities for Policies | LDAP/AD/SCIM Users, LDAP/AD/SCIM Groups, Privacera Roles |
Data Source User Identities | |
Supported Access Management Features
Feature | OLAC | OLAC_FGAC |
Object Level Access Control | Yes | Yes |
Database Level Access Control | No | Yes |
Table Access Control | No | Yes |
View Access Control | No | Yes |
Column Access Control | No | Yes |
Row Access Control | No | Yes |
Dynamic Column Data Masking | No | Yes |
Centralized Access Audit | No | Yes |
Granular Access Audit Record | No | Yes |
Dynamic Column Data Encryption | No | No |
How it Works
- Privacera integrates with Apache Spark by extending the Spark Docker image to include Privacera’s plugin and configurations.
- The script file installs the required packages along with Privacera-specific files, including the plugin and setup script.
- The final Docker image is a customized build that incorporates Privacera’s setup, plugins, and configurations.
User Identity Mapping
Policies in Privacera are configured for users and groups based on JWT, as well as for roles created within Privacera. These identities are mapped as follows:
Privacera Identity | OSS Identity |
LDAP/AD/SCIM User | JWT |
LDAP/AD/SCIM Group | N/A |
Privacera Role | N/A |
Supported Runtime Versions
Privacera supports the following Apache Spark versions:
Apache Spark Version | Privacera Release Version |
Spark-3.5.4 | 9.0.13.1 to current |
Spark-3.5.3 | 9.0.3.1 to current |